github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

apiserver: make SecureServingOptions and authz/n options re-usable

Browse Source
This commit is contained in:
Dr. Stefan Schimanski
2018-01-31 16:17:48 +01:00
parent 0cbe0a6034
commit 4e0114b0dd
26 changed files with 222 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
test/integration/framework/master_utils.go
View File

@@ -160,17 +160,17 @@ func startMasterOrDie(masterConfig *master.Config, incomingServer *httptest.Serv
}
tokenAuthenticator := authenticatorfactory.NewFromTokens(tokens)
if masterConfig.GenericConfig.Authenticator == nil {
masterConfig.GenericConfig.Authenticator = authenticatorunion.New(tokenAuthenticator, authauthenticator.RequestFunc(alwaysEmpty))
if masterConfig.GenericConfig.Authentication.Authenticator == nil {
masterConfig.GenericConfig.Authentication.Authenticator = authenticatorunion.New(tokenAuthenticator, authauthenticator.RequestFunc(alwaysEmpty))
} else {
masterConfig.GenericConfig.Authenticator = authenticatorunion.New(tokenAuthenticator, masterConfig.GenericConfig.Authenticator)
masterConfig.GenericConfig.Authentication.Authenticator = authenticatorunion.New(tokenAuthenticator, masterConfig.GenericConfig.Authentication.Authenticator)
}
if masterConfig.GenericConfig.Authorizer != nil {
if masterConfig.GenericConfig.Authorization.Authorizer != nil {
tokenAuthorizer := authorizerfactory.NewPrivilegedGroups(user.SystemPrivilegedGroup)
masterConfig.GenericConfig.Authorizer = authorizerunion.New(tokenAuthorizer, masterConfig.GenericConfig.Authorizer)
masterConfig.GenericConfig.Authorization.Authorizer = authorizerunion.New(tokenAuthorizer, masterConfig.GenericConfig.Authorization.Authorizer)
} else {
masterConfig.GenericConfig.Authorizer = alwaysAllow{}
masterConfig.GenericConfig.Authorization.Authorizer = alwaysAllow{}
}
masterConfig.GenericConfig.LoopbackClientConfig.BearerToken = privilegedLoopbackToken
@@ -281,7 +281,7 @@ func NewMasterConfig() *master.Config {
genericConfig := genericapiserver.NewConfig(legacyscheme.Codecs)
kubeVersion := version.Get()
genericConfig.Version = &kubeVersion
genericConfig.Authorizer = authorizerfactory.NewAlwaysAllowAuthorizer()
genericConfig.Authorization.Authorizer = authorizerfactory.NewAlwaysAllowAuthorizer()
genericConfig.AdmissionControl = admit.NewAlwaysAdmit()
genericConfig.EnableMetrics = true